Pinned topicWAS Security Enablement on AIX machine

‏2011-04-20T06:46:34Z
|Tags:

Answered question
This question has been answered.

Unanswered question
This question has not been answered yet.

Hi

I installed WAS 8.0 on AIX 7.1. The Installation Manager based install did not allow security to be enabled. I went ahead and installed WAS 8 and then created a profile.
Later, I logged in and Enabled administrative security and Enabled application security. I used the federated repositories realm and configured the wasadmin username and password.
After restarting the WAS, I am unable to login. In the log I see:
"WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type"
One post suggest that I regenerate my LTPA keys. I did that but my problem was not solved.

Re: WAS Security Enablement on AIX machine

‏2011-04-20T23:05:02Z

This is the accepted answer.
This is the accepted answer.

Hi,

We tried to reproduce this but we did not see any issues. We used a Beta 3 base profile using IM on AIX 7.1 (64bit).

Can you give us more information on your setup - for eg. is it base profile? When you say IM did not allow security to be enabled, can you describe the issue? For eg. did you not see the security panel or did it not accept the information you entered? Can you provide us the security.xml file and clean security trace (com.ibm.ws.security.*=all:com.ibm.ws.security.policy.*=off) when you enabled it after creating the profile?

Also, if it is really an issue with LTPA keys, you can try removing the ltpa.jceks file (under the nodes directory - back it up somewhere outside the configuration path) and restart the server and see if it makes a difference (this file will be recreated during the server startup).

Re: WAS Security Enablement on AIX machine

We tried to reproduce this but we did not see any issues. We used a Beta 3 base profile using IM on AIX 7.1 (64bit).

Can you give us more information on your setup - for eg. is it base profile? When you say IM did not allow security to be enabled, can you describe the issue? For eg. did you not see the security panel or did it not accept the information you entered? Can you provide us the security.xml file and clean security trace (com.ibm.ws.security.*=all:com.ibm.ws.security.policy.*=off) when you enabled it after creating the profile?

Also, if it is really an issue with LTPA keys, you can try removing the ltpa.jceks file (under the nodes directory - back it up somewhere outside the configuration path) and restart the server and see if it makes a difference (this file will be recreated during the server startup).

Sorry for raising a false alarm. I think I missed out on a step in between. After re-trying it works. The only difference I noted was during one of the steps the check box that selects security was un-checked. I had to check it again. In case I find more information or a set of steps that can reproduce the problem I shall post it

Re: WAS Security Enablement on AIX machine

‏2011-04-25T03:14:53Z

This is the accepted answer.
This is the accepted answer.

1) I see a new problem now. I cannot login from my machine. In the SystemErr.log there is a javax.naming.NameAlreadyBoun
dException.
The interesting part is that my friend from the other machine can login.

2) After logging in my friend feels that the console is slow. We saw that the trace log contains a console exception.

Re: WAS Security Enablement on AIX machine

1) I see a new problem now. I cannot login from my machine. In the SystemErr.log there is a javax.naming.NameAlreadyBoun
dException.
The interesting part is that my friend from the other machine can login.

2) After logging in my friend feels that the console is slow. We saw that the trace log contains a console exception.

Re: WAS Security Enablement on AIX machine

1) I see a new problem now. I cannot login from my machine. In the SystemErr.log there is a javax.naming.NameAlreadyBoun
dException.
The interesting part is that my friend from the other machine can login.

2) After logging in my friend feels that the console is slow. We saw that the trace log contains a console exception.

NameAlreadyBoundException should not typically cause any issues with logging into the console. Most of the time it is just an information message.

What is the console exception and do you have any trace? Are you both using the same install and it works for one and not for the other for the same user credentials? What happens in the failure case? For eg, does it re-prompt you, see an unauthorized error?

Re: WAS Security Enablement on AIX machine

NameAlreadyBoundException should not typically cause any issues with logging into the console. Most of the time it is just an information message.

What is the console exception and do you have any trace? Are you both using the same install and it works for one and not for the other for the same user credentials? What happens in the failure case? For eg, does it re-prompt you, see an unauthorized error?

I cleared browser cache and am able to login now. I was used to the earlier versions of WAS which would say session expired. I am unable to reproduce the console exception that we saw.
I am going to close this chain.